We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?

Can HIPAA compliance help covered entities and business associates recover from infections of malware, including ransomware?

How can covered entities or business associates detect if their computer systems are infected with ransomware?

What should covered entities or business associates do if their computer systems are infected with ransomware?

Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?

How can covered entities or business associates demonstrate “…that there is a low probability that the PHI has been compromised” such that breach notification would not be required?

Is it a reportable breach if the ePHI encrypted by the ransomware was already encrypted to comply with HIPAA?

SC Magazine reported that the OCR issued the Ransomware guidelines as a result of a June 2016 letter request of US Representatives Ted Lieu (California) and Will Hurd (Texas) urging HHS “to develop ransomware guidelines.”

Compare jurisdictions: BYOD: Bring Your Own Device

"Lexology is a very relevant and interesting resource for South African in-house lawyers. The newsfeeds are a good measure of a firm's expertise and offer an interesting insight into recent legal developments. I would highly recommend Lexology to colleagues."